### Velero UI Installation Guides Source: https://velero-ui.docs.otwld.com/category/-getting-started Guides for installing and setting up Velero UI using various methods including Docker, Helm Chart, and Kubernetes. Also includes a development guide and an overview of environment variables. ```APIDOC Start with Docker: Description: Guide to start Velero UI using Docker. URL: https://velero-ui.docs.otwld.com/getting-started/docker Start with Helm Chart: Description: Guide to start Velero UI using Helm Chart. URL: https://velero-ui.docs.otwld.com/getting-started/helm Start with Kubernetes: Description: Guide to start Velero UI using Kubernetes. URL: https://velero-ui.docs.otwld.com/getting-started/kubernetes Development Guide: Description: Guide for developers to set up and work with Velero UI. URL: https://velero-ui.docs.otwld.com/getting-started/manual Environment Variables Overview: Description: Overview of environment variables used in Velero UI. URL: https://velero-ui.docs.otwld.com/getting-started/environment-variables ``` -------------------------------- ### Getting Started with Docker Source: https://velero-ui.docs.otwld.com/index Instructions for getting started with Velero UI using Docker. This section likely covers Docker image pulling, container setup, and basic configuration. ```markdown ## Getting Started[​](https://velero-ui.docs.otwld.com/#getting-started "Direct link to Getting Started") * [🐳 **Getting Started with Docker**](https://velero-ui.docs.otwld.com/getting-started/docker) ``` -------------------------------- ### Getting Started with Helm Chart Source: https://velero-ui.docs.otwld.com/index Instructions for deploying Velero UI using a Helm chart. This section would detail Helm repository addition, chart installation, and configuration values. ```markdown * [☸️ **Getting Started with Helm Chart**](https://velero-ui.docs.otwld.com/getting-started/helm) ``` -------------------------------- ### Install Project Dependencies Source: https://velero-ui.docs.otwld.com/getting-started/manual Installs all necessary project dependencies using npm after cloning the repository. ```bash npm install ``` -------------------------------- ### Serve Velero UI API Source: https://velero-ui.docs.otwld.com/getting-started/manual Starts the Velero UI API development server using the Nx build tool. ```bash nx serve velero-ui-api ``` -------------------------------- ### Install Velero UI from Source Source: https://velero-ui.docs.otwld.com/getting-started/helm Installs the Velero UI chart from the local source code into the specified Kubernetes namespace. ```bash helm install velero-ui . --namespace velero-ui ``` -------------------------------- ### Install Nx Globally Source: https://velero-ui.docs.otwld.com/getting-started/manual Installs the Nx build system globally on your machine using npm. ```bash npm add --global nx@latest ``` ```bash npm install -g nx@latest ``` -------------------------------- ### Serve Velero UI Application Source: https://velero-ui.docs.otwld.com/getting-started/manual Starts the Velero UI frontend development server using the Nx build tool. ```bash nx serve velero-ui ``` -------------------------------- ### Install Velero UI from Registry Source: https://velero-ui.docs.otwld.com/getting-started/helm Installs the Velero UI chart from the OTWLD Helm repository into the specified Kubernetes namespace. ```bash helm install velero-ui otwld/velero-ui --namespace velero-ui ``` -------------------------------- ### Apply Kubernetes Manifests Source: https://velero-ui.docs.otwld.com/getting-started/kubernetes Command to apply all Kubernetes manifests in the current directory using kubectl. ```bash kubectl apply -f . ``` -------------------------------- ### Getting Started with Kubernetes Source: https://velero-ui.docs.otwld.com/index Instructions for deploying Velero UI directly onto a Kubernetes cluster. This may involve applying YAML manifests or using custom operators. ```markdown * [βš™οΈ **Getting Started with Kubernetes**](https://velero-ui.docs.otwld.com/getting-started/kubernetes) ``` -------------------------------- ### Build Velero UI Application Source: https://velero-ui.docs.otwld.com/getting-started/manual Builds the Velero UI frontend for production deployment using the Nx build tool. ```bash nx build velero-ui ``` -------------------------------- ### Clone Velero UI Repository (HTTPS) Source: https://velero-ui.docs.otwld.com/getting-started/helm Clones the Velero UI Git repository using HTTPS for development or source-based installations. ```bash git clone https://github.com/otwld/velero-ui.git ``` -------------------------------- ### Build Velero UI Docker Image Source: https://velero-ui.docs.otwld.com/getting-started/manual Builds a Docker image for the Velero UI application. Assumes Docker is installed. ```bash nx build velero-ui ``` ```bash docker build -t velero-ui . ``` -------------------------------- ### Create Kubernetes Namespace Source: https://velero-ui.docs.otwld.com/getting-started/helm Creates a new Kubernetes namespace named 'velero-ui' to isolate the Velero UI deployment. ```bash kubectl create namespace velero-ui ``` -------------------------------- ### Build Velero UI API Source: https://velero-ui.docs.otwld.com/getting-started/manual Builds the Velero UI API for production deployment using the Nx build tool. ```bash nx build velero-ui-api ``` -------------------------------- ### Clone Velero UI Repository (SSH) Source: https://velero-ui.docs.otwld.com/getting-started/helm Clones the Velero UI Git repository using SSH for development or source-based installations. ```bash git clone git@github.com:otwld/velero-ui.git ``` -------------------------------- ### Add OTWLD Helm Repository Source: https://velero-ui.docs.otwld.com/getting-started/helm Adds the OTWLD Helm repository to your local Helm configuration, allowing you to access the Velero UI chart. ```bash helm repo add otwld https://helm.otwld.com/ ``` -------------------------------- ### Navigate to Chart Directory Source: https://velero-ui.docs.otwld.com/getting-started/helm Changes the current directory to the Helm chart directory within the cloned Velero UI repository. ```bash cd velero-ui/kubernetes/chart ``` -------------------------------- ### Clone Velero UI Repository Source: https://velero-ui.docs.otwld.com/getting-started/manual Clones the Velero UI project from GitHub to your local machine using Git. ```bash git clone git@github.com:otwld/velero-ui.git ``` -------------------------------- ### Velero UI Microsoft Authentication Configuration Example Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/microsoft An example demonstrating how to set the environment variables required for Microsoft authentication in Velero UI. This includes enabling the feature and providing necessary Azure AD credentials. ```bash MICROSOFT_AUTH_ENABLED=true MICROSOFT_CLIENT_ID=your-client-id MICROSOFT_CLIENT_SECRET=your-client-secret MICROSOFT_OAUTH_SCOPE="user.read" MICROSOFT_REDIRECT_URI=http://localhost:4200/login MICROSOFT_TENANT=common MICROSOFT_AUTHORIZATION_URL=https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize MICROSOFT_TOKEN_URL=https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token ``` -------------------------------- ### Navigate to Manifests Directory Source: https://velero-ui.docs.otwld.com/getting-started/kubernetes Command to change the current directory to the Kubernetes manifests folder within the cloned repository. ```bash cd velero-ui/kubernetes/manifests ``` -------------------------------- ### Update Helm Repositories Source: https://velero-ui.docs.otwld.com/getting-started/helm Updates your local Helm repository cache to fetch the latest chart information, including the Velero UI chart. ```bash helm repo update ``` -------------------------------- ### Clone Velero UI Repository Source: https://velero-ui.docs.otwld.com/getting-started/kubernetes Instructions for cloning the Velero UI project repository using either SSH or HTTPS protocols. ```git git clone git@github.com:otwld/velero-ui.git ``` ```git git clone https://github.com/otwld/velero-ui.git ``` -------------------------------- ### Access Velero UI via Port Forwarding Source: https://velero-ui.docs.otwld.com/getting-started/kubernetes Command to expose the Velero UI service to the local machine using kubectl port-forwarding. ```bash kubectl port-forward service/velero-ui 3333:80 -n velero-ui ``` -------------------------------- ### Upgrade Velero UI Helm Chart Source: https://velero-ui.docs.otwld.com/getting-started/helm Upgrades an existing Velero UI Helm deployment to a new version, applying changes from a specified values.yaml file. ```bash helm upgrade velero-ui olwld/velero-ui --namespace velero-ui --values values.yaml ``` -------------------------------- ### Velero UI Generic OAuth Configuration Example Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/generic An example demonstrating how to set the environment variables required for generic OAuth authentication in Velero UI, including provider URLs, client credentials, and scope. ```Shell OAUTH_AUTH_ENABLED=true OAUTH_NAME="Your OAuth Provider" OAUTH_AUTHORIZATION_URL="https://your-provider.com/oauth/authorize" OAUTH_USER_INFO_URL="https://your-provider.com/oauth/userinfo" OAUTH_TOKEN_URL="https://your-provider.com/oauth/token" OAUTH_CLIENT_ID=your-client-id OAUTH_CLIENT_SECRET=your-client-secret OAUTH_OAUTH_SCOPE="openid profile email" OAUTH_REDIRECT_URI=http://localhost:4200/login OAUTH_GROUP_CLAIM=groups ``` -------------------------------- ### RBAC Policy Example Source: https://velero-ui.docs.otwld.com/sso-ldap/rbac This snippet demonstrates the syntax for defining Role-Based Access Control (RBAC) policies. It shows how to grant permissions to groups and users for specific resources and actions within the Velero UI. ```rbac-policy g,*,read,all g,developers,create,backups u,example@org.com,manage,backups u,example@org.com,read,schedules ``` -------------------------------- ### Uninstall Velero UI with Helm Source: https://velero-ui.docs.otwld.com/getting-started/helm This command removes the Velero UI deployment from the specified Kubernetes namespace using Helm. It's a straightforward process to clean up the installation. ```bash helm delete velero-ui --namespace velero-ui ``` -------------------------------- ### Run Velero UI with Docker Source: https://velero-ui.docs.otwld.com/getting-started/docker This command runs the Velero UI container, mounting your local Kube config file into the container and exposing the UI on port 3333. It uses the 'latest' tag of the otwld/velero-ui image. ```docker docker run --name velero-ui -v ~/.kube/config:/app/.kube/config -e KUBE_CONFIG_PATH=/app/.kube/config -d -p 3333:3000 otwld/velero-ui:latest ``` -------------------------------- ### Velero UI Docker Support Information Source: https://velero-ui.docs.otwld.com/contributing Information regarding Velero UI's support for Docker, emphasizing the need for basic Docker knowledge for setups and advanced configurations. ```English Docker Support: Velero UI supports Docker, but you’ll need a solid understanding of Docker basics. Advanced Configurations: For reverse proxies or other complex setups, we recommend learning Docker and related tools to ensure a smooth experience. ``` -------------------------------- ### Velero UI RBAC Policy Syntax Source: https://velero-ui.docs.otwld.com/sso-ldap/rbac Defines the syntax for creating RBAC policies in Velero UI, covering both group and user assignments for actions on subjects. It specifies how to match all groups or users. ```APIDOC Group Policy Syntax: g,,, - : The name of the group in the provider (use '*' to match all groups). - : The action to be performed. - : The subject of the action. User Policy Syntax: g,,, - : The email of the user or username for LDAP in the provider (use '*' to match all users). - : The action to be performed. - : The subject of the action. ``` -------------------------------- ### Velero UI Authentication Providers Source: https://velero-ui.docs.otwld.com/category/-providers Velero UI supports multiple authentication methods to secure access. This section lists the available providers and links to their respective configuration guides, which typically involve setting environment variables. ```APIDOC Generic Oauth2: Supports authentication via a custom OAuth provider. Configuration: Use environment variables. Link: https://velero-ui.docs.otwld.com/sso-ldap/providers/generic Github: Supports authentication via GitHub using OAuth 2.0. Configuration: Use environment variables. Link: https://velero-ui.docs.otwld.com/sso-ldap/providers/github Gitlab: Supports authentication via GitLab using OAuth 2.0. Configuration: Use environment variables. Link: https://velero-ui.docs.otwld.com/sso-ldap/providers/gitlab Google: Supports authentication via Google using OAuth 2.0. Configuration: Use environment variables. Link: https://velero-ui.docs.otwld.com/sso-ldap/providers/google LDAP: Supports authentication via LDAP (Lightweight Directory Access Protocol). Configuration: Use environment variables. Link: https://velero-ui.docs.otwld.com/sso-ldap/providers/ldap Microsoft: Supports authentication via Microsoft using OAuth 2.0. Configuration: Use environment variables. Link: https://velero-ui.docs.otwld.com/sso-ldap/providers/microsoft ``` -------------------------------- ### Velero UI RBAC Resource Actions Source: https://velero-ui.docs.otwld.com/sso-ldap/rbac Details the available actions (manage, read, create, update, delete, download, logs) for various resources within Velero UI's RBAC system. It also shows default behaviors for users and the wildcard '*' subject. ```APIDOC Subject \ Action | manage (All actions) | read | create | update | delete | download | logs ---|---|---|---|---|---|---|--- backups | βœ… | βœ… | βœ… | ❌ | βœ… | βœ… | βœ… schedules | βœ… | βœ… | βœ… | βœ… | βœ… | ❌ | ❌ restores | βœ… | βœ… | βœ… | ❌ | βœ… | βœ… | βœ… backupstoragelocations | βœ… | βœ… | βœ… | βœ… | βœ… | ❌ | ❌ volumesnapshotlocations | βœ… | βœ… | βœ… | βœ… | βœ… | ❌ | ❌ podvolumebackups | βœ… | βœ… | ❌ | ❌ | βœ… | ❌ | ❌ podvolumerestores | βœ… | βœ… | ❌ | ❌ | βœ… | ❌ | ❌ downloadrequests | βœ… | βœ… | ❌ | ❌ | βœ… | ❌ | ❌ deletebackuprequests | βœ… | βœ… | ❌ | ❌ | βœ… | ❌ | ❌ serverstatusrequests | βœ… | βœ… | ❌ | ❌ | ❌ | ❌ | ❌ settings | βœ… | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ all (All subjects) | βœ… | βœ… | βœ… | βœ… | βœ… | βœ… | βœ… Default Behavior: - Internal user assigned all actions: `u,admin,manage,all` - If no group/user defined for an action, default is allow all: `u,*,manage,all` ``` -------------------------------- ### Velero UI Federated Authentication Overview Source: https://velero-ui.docs.otwld.com/category/-federated-authentication This section provides an overview of Federated Authentication in Velero UI, linking to detailed guides on Role Based Access Control (RBAC) and various authentication providers. ```Markdown # πŸ”‘ Federated Authentication Get started with Federated Authentication: ## [πŸ“„οΈ πŸ”’ Role Based Access Control (RBAC) Velero UI supports Role Based Access Control (RBAC) to manage user permissions and access levels. This guide explains how to configure RBAC in Velero UI.](https://velero-ui.docs.otwld.com/sso-ldap/rbac)## [πŸ—ƒοΈ πŸ«† Providers 6 items](https://velero-ui.docs.otwld.com/category/-providers) ``` -------------------------------- ### Mount Certificate File in Docker/Kubernetes Source: https://velero-ui.docs.otwld.com/certificate Mount the bundled certificate file into the Velero UI container. This makes the certificate accessible within the container's filesystem. The example shows mounting it to `/etc/ssl/certs/`. ```yaml volumeMounts: -name: corp-ca mountPath: /etc/ssl/certs readOnly:true volumes: -name: corp-ca configMap: name: corporate-ca ``` -------------------------------- ### Velero UI Code Contribution Guidelines Source: https://velero-ui.docs.otwld.com/contributing Guidelines for contributing code to Velero UI. It emphasizes discussing ideas, following coding standards, testing, updating documentation, and writing clear commit messages. ```English 1. Start a discussion about your ideas [here](https://github.com/otwld/velero-ui/discussions/new/choose). 2. Follow the coding standards and ensure new features are well-tested. 3. Update any relevant documentation. 4. Write clear, concise commit messages. ``` -------------------------------- ### GitHub Authentication Environment Variables Source: https://velero-ui.docs.otwld.com/getting-started/environment-variables Configuration for enabling and setting up GitHub OAuth authentication in Velero UI. Includes client ID, secret, scope, and redirect URI. ```environment-variables GITHUB_AUTH_ENABLED: bool (default: false) - Enables GitHub authentication. GITHUB_CLIENT_ID: string - Sets the client ID for GitHub OAuth. GITHUB_CLIENT_SECRET: string - Sets the client secret for GitHub OAuth. GITHUB_OAUTH_SCOPE: string (default: openid email profile) - Defines scopes for GitHub OAuth. GITHUB_REDIRECT_URI: string (default: ${BASE_URL}/login) - The URI for GitHub redirects after authentication. ``` -------------------------------- ### RBAC Setup for Microsoft Authentication Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/microsoft Steps to configure Role-Based Access Control (RBAC) using Azure AD groups for Velero UI. This involves granting the 'user.read' scope and configuring group claims. ```APIDOC Setup permissions: 1. From the API permissions menu, choose + Add a permission 2. Find User.Read permission (under Microsoft Graph) and grant it 3. From the Token Configuration menu, choose + Add groups claim 4. Check "Groups assigned to the application" and/or "Security groups assigned to the application" Associate group to application: 1. From the Microsoft Entra ID > Enterprise applications menu, search the App that you created 2. From the Users and groups menu of the app, add any users or groups requiring access to the service. Group syntax is `group_name`, example: `ADMINS`. ``` -------------------------------- ### Google Authentication Environment Variables Source: https://velero-ui.docs.otwld.com/getting-started/environment-variables Configuration for enabling and setting up Google OAuth authentication in Velero UI. Includes client ID, secret, scope, and redirect URI. ```environment-variables GOOGLE_AUTH_ENABLED: bool (default: false) - Enables Google authentication. GOOGLE_CLIENT_ID: string - Sets the client ID for Google OAuth. GOOGLE_CLIENT_SECRET: string - Sets the client secret for Google OAuth. GOOGLE_OAUTH_SCOPE: string (default: openid email profile) - Defines scopes for Google OAuth. GOOGLE_REDIRECT_URI: string (default: ${BASE_URL}/login) - The URI for Google redirects after authentication. ``` -------------------------------- ### Velero UI Issue Reporting Guidelines Source: https://velero-ui.docs.otwld.com/contributing Guidelines for reporting issues or suggesting improvements for Velero UI. It covers checking existing issues, using templates, and providing detailed descriptions. ```English Found a bug or have a suggestion? Check the [Issues tab](https://github.com/otwld/velero-ui/issues) to see if it’s been reported. If not, feel free to open a new issue. When reporting, please use the templates provided for detailed and efficient tracking. Template Compliance: Issues that don’t follow the templates or lack essential information may be closed to maintain our issue tracker’s integrity. Detailed Descriptions: Include clear descriptions, reproduction steps, and expected versus actual results for us to address your issue efficiently. ``` -------------------------------- ### Velero UI RBAC Google Groups Setup Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/google Configuration for enabling Role-Based Access Control (RBAC) using Google Groups in Velero UI. This involves enabling the Cloud Identity API and adding a specific scope for group read access. ```APIDOC APIDOC: Functionality: RBAC with Google Groups Description: Enables Velero UI to read user group memberships from Google for RBAC. Prerequisites: - Google Cloud Identity API enabled in your Google Cloud project. Configuration: - Add the scope `https://www.googleapis.com/auth/cloud-identity.groups` to the `GOOGLE_OAUTH_SCOPE` environment variable. - In Google Cloud Console, navigate to Google Auth API > Data Access. - Click 'Add or remove scopes' and select the 'Cloud Identity Groups API'. - Choose the `auth/cloud-identity.groups.readonly` scope. Usage: - Group syntax is `group_name`, e.g., `admin`. - Refer to the [RBAC documentation](https://velero-ui.docs.otwld.com/sso-ldap/rbac) for further configuration. ``` -------------------------------- ### Kubernetes Configuration Source: https://velero-ui.docs.otwld.com/getting-started/environment-variables Environment variables for configuring the connection to the Kubernetes cluster, including the path to the kubeconfig file and the context to use. ```APIDOC KUBE_CONFIG_PATH: Type: string Default: Development Default: "-" Docker Default: "-" Kubernetes Default: "Provided by Cluster Role Binding" Description: Specifies the path to the Kubernetes configuration file. This file is needed to connect to the Kubernetes cluster. KUBE_CONTEXT: Type: string Default: Development Default: "Uses the default context from Kube Config." Docker Default: "Uses the default context from Kube Config." Kubernetes Default: "Provided by Cluster Role Binding" Description: Defines the context to use from the Kube Config for cluster interactions. Ensure the correct context is set for the desired cluster. ``` -------------------------------- ### Troubleshooting Microsoft Authentication Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/microsoft Common issues and checks for troubleshooting Microsoft OAuth 2.0 authentication with Velero UI. ```APIDOC Ensure that the redirect URI set in Azure matches `MICROSOFT_REDIRECT_URI`. Check if `MICROSOFT_AUTH_ENABLED` is set to `true`. Inspect logs for authentication errors. Verify that your Microsoft OAuth credentials are correct. ``` -------------------------------- ### Velero UI Google Authentication Environment Variables Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/google Configuration for enabling and customizing Google OAuth 2.0 authentication in Velero UI. These environment variables control the authentication flow and access permissions. ```bash GOOGLE_AUTH_ENABLED=true GOOGLE_CLIENT_ID=your-client-id GOOGLE_CLIENT_SECRET=your-client-secret GOOGLE_OAUTH_SCOPE="openid email profile" GOOGLE_REDIRECT_URI=http://localhost:4200/login ``` -------------------------------- ### Configure GitHub Authentication Environment Variables Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/github Enables GitHub authentication for Velero UI by setting specific environment variables. This includes enabling the feature, providing client credentials, defining the OAuth scope, and specifying the redirect URI. ```bash GITHUB_AUTH_ENABLED=true GITHUB_CLIENT_ID=your-client-id GITHUB_CLIENT_SECRET=your-client-secret GITHUB_OAUTH_SCOPE="openid email profile" # read:org GITHUB_REDIRECT_URI=http://localhost:4200/login ``` -------------------------------- ### GitLab Authentication Environment Variables Source: https://velero-ui.docs.otwld.com/getting-started/environment-variables Configuration for enabling and setting up GitLab OAuth authentication in Velero UI. Includes client ID, secret, scope, and redirect URI. ```environment-variables GITLAB_AUTH_ENABLED: bool (default: false) - Enables GitLab authentication. GITLAB_CLIENT_ID: string - Sets the client ID for GitLab OAuth. GITLAB_CLIENT_SECRET: string - Sets the client secret for GitLab OAuth. GITLAB_OAUTH_SCOPE: string (default: read_user) - Defines scopes for GitLab OAuth. GITLAB_REDIRECT_URI: string (default: ${BASE_URL}/login) - The URI for GitLab redirects after authentication. ``` -------------------------------- ### Velero UI Best Practices for Code PRs Source: https://velero-ui.docs.otwld.com/contributing Best practices for submitting code pull requests to Velero UI, focusing on consistency, minimizing dependencies, and framework independence. ```English 1. Maintain Code Consistency: Ensure your contributions align with the project's existing standards. 2. Minimize External Dependencies: Avoid introducing new external dependencies without prior discussion. 3. Framework Independence: We strive to remain framework-agnostic. Build core functionalities without relying heavily on external libraries. If you're uncertain, feel free to open a discussion. ``` -------------------------------- ### Troubleshooting Generic OAuth Authentication Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/generic Ensure that the redirect URI set in the OAuth provider matches OAUTH_REDIRECT_URI. Check if OAUTH_AUTH_ENABLED is set to true. Inspect logs for authentication errors and verify that your OAuth credentials and URLs are correct. ```APIDOC Troubleshooting: - Ensure redirect URI matches `OAUTH_REDIRECT_URI`. - Verify `OAUTH_AUTH_ENABLED` is set to `true`. - Inspect logs for authentication errors. - Confirm OAuth credentials and URLs are correct. ``` -------------------------------- ### Authentication Configuration Source: https://velero-ui.docs.otwld.com/getting-started/environment-variables Configuration for JWT token signing and session duration. Also includes settings for basic authentication, such as enabling/disabling the username and password. ```APIDOC AUTH_SECRET_PASSPHRASE: Type: string Default: "this is not a secret passphrase" Description: A secret passphrase used for signing and verifying JWT tokens. Ensure this is kept secure to prevent unauthorized access. AUTH_SESSION_DURATION: Type: string Default: "1h" Description: Indicates the duration of a user session, used for generating JWT tokens. Adjust this value to control session length. BASIC_AUTH_ENABLED: Type: bool Default: true Description: Enables basic authentication for the application. If set to false, the login form will be hidden. BASIC_AUTH_USERNAME: Type: string Default: "admin" Description: Specifies the username for basic authentication. Change this as needed for security. BASIC_AUTH_PASSWORD: Type: string Default: "admin" Description: Specifies the password for basic authentication. Ensure this is secure and not easily guessable. ``` -------------------------------- ### Policy Configuration Source: https://velero-ui.docs.otwld.com/getting-started/environment-variables Specifies the file path for policies used in user permission management. ```APIDOC POLICY_FILE_PATH: Type: string Default: "./policies.csv" Description: Specifies the path to the CSV file containing policies for user permissions. This file is used to manage access control within the application. ``` -------------------------------- ### Velero UI GitLab Authentication Configuration Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/gitlab Environment variables required to enable and configure GitLab authentication for Velero UI. This includes enabling the feature, providing client credentials, setting scopes, redirect URIs, and the GitLab base URL. ```APIDOC Environment Variables for GitLab Authentication: - GITLAB_AUTH_ENABLED: Set to `true` to enable GitLab authentication. Default is `false`. - GITLAB_CLIENT_ID: The client ID obtained from your GitLab OAuth application settings. - GITLAB_CLIENT_SECRET: The client secret obtained from your GitLab OAuth application settings. - GITLAB_OAUTH_SCOPE: Defines the scope of OAuth access requested from GitLab. Default is `read_user`. Additional scopes like `read_api` may be needed for RBAC. - GITLAB_REDIRECT_URI: The callback URI registered with your GitLab OAuth application. Velero UI expects this to be `http://localhost:4200/login` by default. - GITLAB_BASE_URL: The base URL of your GitLab instance. Use `https://gitlab.com` for the official GitLab service, or your self-hosted instance URL. ``` -------------------------------- ### Velero UI OAuth Environment Variables Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/generic Configuration parameters for enabling and customizing generic OAuth 2.0 authentication in Velero UI. These variables control the authentication flow, provider details, and user information retrieval. ```APIDOC Environment Variables for Generic OAuth Authentication: OAUTH_AUTH_ENABLED: Enables OAuth authentication. Default: `false`. OAUTH_NAME: Display name for the OAuth provider. OAUTH_AUTHORIZATION_URL: URL of the OAuth provider's authorization endpoint. OAUTH_USER_INFO_URL: URL of the OAuth provider's user information endpoint. OAUTH_TOKEN_URL: URL of the OAuth provider's token exchange endpoint. OAUTH_CLIENT_ID: Client ID obtained from the OAuth provider. OAUTH_CLIENT_SECRET: Client Secret obtained from the OAuth provider. OAUTH_OAUTH_SCOPE: Scope of access requested. Default: `openid profile email`. OAUTH_REDIRECT_URI: The URI to redirect to after authentication. Default: `http://localhost:4200/login`. OAUTH_GROUP_CLAIM: The claim in the user info response that contains group memberships. Default: `groups`. ``` -------------------------------- ### Velero UI LDAP Environment Variables Configuration Source: https://velero-ui.docs.otwld.com/sso-ldap/providers/ldap Configuration of environment variables for enabling and setting up LDAP authentication in Velero UI. This includes details on the LDAP server URL, bind credentials, search base, and search filter. ```env LDAP_ENABLED=true LDAP_URL=ldap://localhost:389/ LDAP_BIND_DN=cn=admin,dc=example,dc=org LDAP_BIND_CREDENTIALS=admin LDAP_SEARCH_BASE=ou=users,dc=example,dc=org LDAP_SEARCH_FILTER=(uid={{username}}) LDAP_SEARCH_ATTRIBUTES= LDAP_GROUP_SEARCH_BASE= ``` -------------------------------- ### Combine Certificate Files Source: https://velero-ui.docs.otwld.com/certificate If you have multiple certificate files (e.g., root CA and intermediate CA), combine them into a single PEM-encoded file. This bundled file will be used to extend the trusted certificate authorities for Node.js. ```bash cat corp-root.crt corp-intermediate.crt > corp-bundle.crt ``` -------------------------------- ### Generic OAuth2 Authentication Configuration Source: https://velero-ui.docs.otwld.com/getting-started/environment-variables Enables and configures generic OAuth2 authentication for Velero UI. This includes client ID, secret, scope, and redirect URI. ```environment-variables OAUTH_AUTH_ENABLED Type: bool Default: false Description: Enables OAuth2 authentication for users. OAUTH_CLIENT_ID Type: string Description: Sets the client ID for OAuth2 authentication. OAUTH_CLIENT_SECRET Type: string Description: Sets the client secret for OAuth2 authentication. OAUTH_OAUTH_SCOPE Type: string Default: openid profile email Description: Defines the scopes for OAuth2 authentication. OAUTH_REDIRECT_URI Type: string Default: ${BASE_URL}/login Description: The URI to which the OAuth2 provider redirects users after authentication. ```